Re: Transitive third party exceptions from イアンフェッティ on 2012-05-16 (public-tracking@w3.org from May 2012)

From: イアンフェッティ <ifette@google.com>
Date: Wed, 16 May 2012 11:25:54 -0700
To: Kevin Smith <kevsmith@adobe.com>
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <CAF4kx8f6jyH-r=MwVjayk2uR5+=2vveMiFP+8fgO3uctAN0QOg@mail.gmail.com>

+1

On Wed, May 16, 2012 at 9:53 AM, Kevin Smith <kevsmith@adobe.com> wrote:

> Is this entirely to meet European requirements, because it sounds like
> there is still some debate among those well versed in European law as to
> whether this will help.  From a logical standpoint, I still maintain this
> makes no sense at all.  Why would we assume the user would trust the 3rdparty who they don’t know, more than the 1
> st party who they do?  If transitive trust is adequate for a 3rd party,
> it surely should be for the 1st party.  I still believe this has almost
> all of the negatives of explicit/explicit (cost and complexity), without
> many of the benefits (aside from the fact that this is at least more
> technically feasible)****
>
> ** **
>
> *Kevin Smith*  |  Engineering Manager  |  Adobe  |  385.221.1288 |
> kevsmith@adobe.com****
>
> ** **
>
> *From:* Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
> *Sent:* Wednesday, May 09, 2012 9:37 AM
> *To:* public-tracking@w3.org Group WG
> *Subject:* Transitive third party exceptions****
>
> ** **
>
> This is meant to satisfy ACTION-194 and is a proposal for transitive third
> party exceptions. I'm not sure if it's necessary if we restrict things to
> "first-party/*" but if you want to list out "first-party/third-party"
> explicit/explicit exceptions, I believe it would be necessary for things
> like advertising networks to function.****
>
> ** **
>
> "If a third party has been granted an exception on a page, then any
> resources fetched by that third party, including items such as images
> included by that third party, content dynamically fetched by that third
> party, or another third party that is redirected to (such as via an HTTP
> 302 status code) are considered to be covered by that exception. This
> applies transitively, meaning that if in a given context "Site A" is a
> third party and has an exception, if it redirects to "Site B" then "Site B"
> is covered by that exception, as would "Site C" if "Site B" either included
> content from or redirected to "Site C".****
>
> ** **
>
> -Ian****
>

Received on Wednesday, 16 May 2012 18:26:24 UTC